<?php
/**
 * 系統名稱: Lotto 系統
 * 檔案說明: 專案管理-修改
 * $Author$
 * $Id$
 *
 */

 /*********************************************
傳入參數
Account：帳號
Password：密碼
***********************************************/
// Start (or resume) the PHP session; the login-failure counter and the
// Admin_Info object read further down are stored in $_SESSION.
session_start();
$_LangPath = "login_admin";	// Language-file parameter; per the original author it must be set before anything else
// NOTE(review): presumably read by the includes below to pick the database connection — confirm against config.inc.php
$_DBSite = "Query";

include_once("config.inc.php");
include_once(__Language_Path."/selectlanguage_admin.php");
include_once(__DBConnect_File);
include_once(__Root_Path."/indexpage/db.inc.php");

/**
 * Report whether a string contains one of the characters on the login deny-list.
 *
 * Despite the name, the result is TRUE when the input is NOT acceptable, i.e. when
 * it contains any of: percent sign, single quote, hash sign or backtick.
 *
 * This is only a character deny-list. It does not cover backslash, double quote or
 * other SQL metacharacters, so it is not a replacement for escaping or
 * parameterising values at the point where a query is built.
 *
 * @param string $strWorld Text to inspect (taken by reference, never modified here).
 * @return bool TRUE if a listed character is present, FALSE otherwise.
 */
function isValid(&$strWorld){
	$arrForbidden = array('%', "'", "#", "`");
	foreach($arrForbidden as $strChar){
		if(strpos($strWorld, $strChar) !== false){
			return true;
		}
	}
	return false;
}

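// Read the submitted credentials from $_data (populated outside this file).
// A missing or non-scalar value (e.g. Account[]=x) is treated as an empty string
// instead of being handed to trim(), which avoids notices and type errors.
$strUserAcc = (isset($_data["Account"]) && is_scalar($_data["Account"])) ? trim((string)$_data["Account"]) : "";
$strUserPwd = (isset($_data["Password"]) && is_scalar($_data["Password"])) ? trim((string)$_data["Password"]) : "";

// Requests whose account equals the password are sent away without touching the
// database. The comparison is deliberately left loose (==): numeric-looking
// strings such as "1" and "01" also count as equal here.
if($strUserAcc == $strUserPwd){
	header("Location: http://www.google.com");
	exit();
}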
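//===========================================================================//
// Lock-out checks that run before the credentials are verified.
//
// NOTE(review): the failure counter is kept in the caller's own session, so a
// client that discards its session cookie starts again at zero. An effective
// brute-force limit needs a counter stored server-side per account and/or per
// source address. Nothing in the visible code resets the counter or enforces the
// half-hour wait the message mentions.
// NOTE(review): presumably ErrMsgOutputHTML() ends the request — confirm; if it
// returns, execution continues with the checks that follow.

// Too many failed logins recorded in this session (counter greater than 3).
if(isset($_SESSION["Admin_LoginErrNo"]) && $_SESSION["Admin_LoginErrNo"] > 3){
	$GLOBALS["errormessage"] = $_strLogin["LoginOver3"];	// "You have failed to log in three times, please try again in half an hour!"
	ErrMsgOutputHTML("LoginError", "", 1);
}

// The same account is still inside the wait window stored in the session.
// The isset/is_object guard avoids reading properties of a missing Admin_Info.
if(isset($_SESSION["Admin_Info"]) && is_object($_SESSION["Admin_Info"])
	&& time() <= $_SESSION["Admin_Info"] -> ExistUserCheckTime
	&& $_SESSION["Admin_Info"] -> Account == $strUserAcc){
	$GLOBALS["errormessage"] = $_strLogin["isUsed"];	// "Please wait three minutes before trying to log in again!"
	ErrMsgOutputHTML("LoginError", "", 1);
}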
//===========================================================================//
// Refuse credentials that contain a character from the isValid() deny-list
// (percent sign, single quote, hash sign, backtick). The attempt is counted as
// a failed login and reported with the generic "wrong account or password" text.
$blnHasBadChar = isValid($strUserAcc) || isValid($strUserPwd);
if($blnHasBadChar){
	$_SESSION["Admin_LoginErrNo"]++;
	$strErrText = $_strLogin["ID&PWD_Err"];	// "Wrong account or password, please log in again!"
	$GLOBALS["errormessage"] = $strErrText."<br />".$_SESSION["Admin_LoginErrNo"]." times!!";
	ErrMsgOutputHTML("LoginError", "", 1);
}

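// Look up the row for this account (any group except 1) on the current DB site.
//
// The values are escaped with the connection's own escaping routine before they
// are placed inside the quoted literals; the isValid() deny-list does not cover
// backslash or charset-dependent sequences, so it must not be the only defence.
// NOTE(review): assumes $$_Conn is the ext/mysql link that PMA_mysql_query()
// passes on to the driver — confirm against the DB connect include.
$strAccSQL = mysql_real_escape_string($strUserAcc, $$_Conn);
$strDBNameSQL = mysql_real_escape_string($_blDBName, $$_Conn);
$_strSQL = "select * from `outUserData` where `UserGroup` != 1 and `UserAcc` = '".$strAccSQL."' and `DBSite` = '".$strDBNameSQL."' limit 0,1";

// Fail closed: if escaping failed the query is not sent at all.
$RS = false;
if($strAccSQL !== false && $strDBNameSQL !== false){
	$RS = @PMA_mysql_query($_strSQL, $$_Conn);
}

// A failed query is reported exactly like a wrong credential, so the response
// does not reveal database errors to the caller.
if(!$RS){
	$_SESSION["Admin_LoginErrNo"]++;
	$GLOBALS["errormessage"] = $_strLogin["ID&PWD_Err"]."<br />".$_SESSION["Admin_LoginErrNo"]." times!!";	// "Wrong account or password, please log in again!"
	ErrMsgOutputHTML("LoginError", "", 1);
}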

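// No row matched the account: count the failure and show the generic
// "wrong account or password" message (same text as a wrong password, so the
// response does not disclose whether the account exists).
//
// The script already exits near the top when Account == Password, and neither
// value is modified afterwards, so the same comparison could never be true at
// this point; the unreachable redirect that used to sit here was removed.
if(PMA_mysql_num_rows($RS) == 0){
	$_SESSION["Admin_LoginErrNo"]++;
	$GLOBALS["errormessage"] = $_strLogin["ID&PWD_Err"]."<br />".$_SESSION["Admin_LoginErrNo"]." times!!";	// "Wrong account or password, please log in again!"
	ErrMsgOutputHTML("LoginError", "", 1);
}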

// Load the matched row as an object, then release the result set.
$objAdmin = PMA_mysql_fetch_object($RS);
@mysql_free_result($RS);

// Compare the stored hash with the MD5 of the submitted password.
// NOTE(review): unsalted MD5 is unsuitable for password storage (fast to brute
// force, identical passwords give identical hashes). Moving to
// password_hash()/password_verify() needs a change to the stored UserPwd
// values, which is outside this file.
$strPwdDigest = md5($strUserPwd);
if($strPwdDigest !== $objAdmin -> UserPwd){
	$_SESSION["Admin_LoginErrNo"]++;
	$strErrText = $_strLogin["ID&PWD_Err"];	// "Wrong account or password, please log in again!"
	$GLOBALS["errormessage"] = $strErrText."<br />".$_SESSION["Admin_LoginErrNo"]." times!!";
	ErrMsgOutputHTML("LoginError", "", 1);
}

// UserStatus '1' marks a disabled account; this is checked only after the
// password matched.
if('1' == $objAdmin -> UserStatus){
	$GLOBALS["errormessage"] = $_strLogin["NoPower"];	// "Your account has been disabled!"
	ErrMsgOutputHTML("LoginError", "", 1);
}


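//===========================================================================//
// Redirect step: if RedirectLink.inc.php maps the requested host name to another
// host, hand the login over to that host.
//
// Only hosts present as keys in $arrRLink trigger a redirect, so the
// client-supplied Host header cannot choose an arbitrary target.
//
// NOTE(review): the account and the clear-text password are placed in the query
// string of a plain http:// redirect, so they can end up in browser history and
// in proxy and web-server logs, and are readable on the network. Replacing this
// hand-off with a short-lived one-time token over HTTPS needs a matching change
// in the receiving scripts, which are not part of this file.

if(file_exists(__Common_Path."/RedirectLink.inc.php")) include(__Common_Path."/RedirectLink.inc.php");

$strHttpHost = isset($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"] : "";
if(isset($arrRLink[$strHttpHost]) && $arrRLink[$strHttpHost] != ""){
	$strUserAgent = isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : "";
	$strLangNo = isset($_SESSION["Admin_LanguageNo"]) ? $_SESSION["Admin_LanguageNo"] : "";

	// Safari user agents are routed through the cookie test page first.
	if(preg_match("/Safari/i", $strUserAgent)){
		$strRPath = "/crontab/testCookie.php";
	}else{
		$strRPath = "/k_admin/login_admin.php";
	}

	// Every value is URL-encoded so that characters such as "&", "=", "+" or a
	// space inside the account or password cannot break or add query parameters.
	$strRQuery = "Redirect=y"
		."&Account=".urlencode($strUserAcc)
		."&Password=".urlencode($strUserPwd)
		."&lang=".urlencode($strLangNo)
		."&RdHttpHost=".urlencode($strHttpHost);

	$strRLink = "http://".$arrRLink[$strHttpHost].$strRPath."?".$strRQuery;
	header("location: ".$strRLink);
	exit();
}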
?>